Auto supplier Gentex hit by ransomware attack

Michigan auto supplier Gentex Corp. suffered cyberattack several months ago, joining the growing ranks of manufacturers nationwide to have experienced a data breach.

The Tier 1 supplier of automatic-dimming rearview mirrors and electronics for the automotive, aerospace and fire protection industries confirmed to Crain’s Grand Rapids Business that it had suffered a ransomware attack.

“Gentex is aware of the data breach that occurred several months ago, and we have communicated to all affected parties. It’s important to note that the breach has not had an impact on our operations,” the company said in an emailed statement that did not address other questions about the incident.

Newton, Mass.-based TechTarget Inc., a business-to-business provider of content serving technology buyers, first reported on the data breach last week after being contacted by ransomware group Dunghill.

According to TechTarget, a Dunghill operator reached out with a link to what the group claims is 5 terabytes of sensitive corporate data from Gentex, including client documents and personal employee information. The report indicated Dunghill posted the stolen information on the dark web as well as shared the data with unspecified foreign and domestic manufacturers after Gentex “refused to cooperate.”

Threats against companies in the manufacturing industry have become more prevalent and more costly as of late. According to an annual report from IBM, the cost of a data breach for the industrial sector — which includes chemical, engineering and manufacturing companies — increased 5.4 percent on a year-over-year basis to $4.47 million in 2022.

While the health care industry experienced the highest annual costs from data breaches in the two most recent years, according to the IBM report, other experts say the manufacturing industry is growing increasingly vulnerable.

An executive from the Forbes Technology Council recently highlighted manufacturing among five targeted industries aside from health care. Because manufacturing companies have started to rely more heavily on technology and digital systems in recent years, they have opened new avenues for cybercriminals.

“In addition to data theft for ransom, (cybercriminals) target the manufacturing industry since it allows for large-scale disruptions and geopolitical repercussions,” Abdul Subhani, CEO of IT consulting company Centex Technologies, wrote for Forbes. “Even though the manufacturing industry is not publicly facing and may not be easily accessible as other industries, it still has a risk of being targeted due to its high disruption factor.”

Indeed, in its most recent 10-K annual filing, Gentex specifically identified cybersecurity and threats to IT infrastructure as key risk factors. The company disclosed that it maintains “an extensive network” of measures to help address any threats, including technical security controls, policy enforcement mechanisms, monitoring systems and management oversight.

However, Gentex recognized that despite the implementation of security measures, its IT systems, “like all IT systems,” are vulnerable to damages from cyberattacks, computer viruses or similar disruptions.

“To the extent that any disruptions or security breach results in a loss or damage to our data, or an inappropriate disclosure of confidential or customer information, it could cause significant damage to our reputation, affect our relationships with our customers, lead to claims against the company and ultimately harm our business, reputation, financial condition, and/or results of operations,” the company said in the filing with federal securities regulators.

Gentex, based near Grand Rapids, Mich., ranks No. 88 on the Automotive News list of top 100 global suppliers with worldwide sales to automakers of $1.7 billion in 2021.